author | smitsohu <smitsohu@gmail.com> | 2018-10-02 17:31:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-02 17:31:12 +0200 |
commit | a375511686701ab2094980804f4c81ea06c3469b (patch) | |
tree | d6ff63e598f3fb1661b4776c3b53383c8ab260d9 | |
parent | mount empty home if macro can't be whitelisted (diff) | |
incomplete fix: whitelisting of symlinks to other home dirs
belongs to previous commit 51eeef2059f00de117472046601e10a9fd958d51
short summary of the new behavior, which should catch a few corner cases better:
- a non-existent file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was
mounted on the user's homedir, which was wrong)
- a symlink pointing to an existing file in another homedir now works (but the link will be always dangling; you need --allusers to see this)
- a symlink pointing back to the entire homedir now works as expected
-rw-r--r-- | src/firejail/fs_whitelist.c | 2 |
1 files changed, 1 insertions, 1 deletions
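--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -430,7 +430,7 @@ void fs_whitelist(void) {
 
 // if 1 the file was not found; mount an empty directory
 if (!nowhitelist_flag) {
-if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {
+if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') {
 if(!arg_private)
 home_dir = 1;
 }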
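Review bot: The new boundary test on line 433 silently depends on `cfg.homedir` carrying no trailing slash and on `new_name` never being exactly the home directory; with a trailing slash, `new_name[strlen(cfg.homedir)]` is the first byte of the next path component and the branch never fires, and how `cfg.homedir` is normalised is not visible in this hunk. The index is in bounds only because `&&` short-circuits after `strncmp` has matched the whole prefix, which deserves a comment such as `// component boundary: "/foo/user2" must not match homedir "/foo/user"`. Computing the length once would also read better: `size_t hlen = strlen(cfg.homedir);` followed by `if (strncmp(new_name, cfg.homedir, hlen) == 0 && new_name[hlen] == '/') {`. Any other prefix comparison against `cfg.homedir` in fs_whitelist(), whose body starts and ends outside this hunk, presumably needs the same boundary check.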